For a while I thought Id got the solution to this. I was advised to explicitly include a Temporary files subfolder using the File System view of the web deployment project. In its properties it is possible to set AllowWriteAccess to True. However, all this does is set the Write permission in IIS so that PUT requests are allowed. FileIO permission is still needed.
I have had to settle for a solution using Orca, as supplied by Microsoft. Here it is free for anyone else:
"1. I added a websetup project to my web application in Visual Studio.NET and added a subfolder (Temp) to the setup.
2. I created the *.msi file with options Build "Release", Bootstrapper "None" and Compression "Optimized for size" to get just the *.msi without the bootstrapper files (which are present on Win 2000 and higher -> all platforms which support ASP.NET)
3. I edited this msi file with Orca.exe (included in the Windows Installer SDK)
a) I inspected the msi file and went to the table directory
In the right pane you see all directories created during the setup process. You should also see your directory for the Temp folder under the TARGETDIR parent (TEMP|Temp in the msi file). Goto to the column "Directory" and copy the value for your Temp directory "(looks like a cryptic string, in my case it is _7A3DCE8D705B4E81BF76FFA5C8269B42)
b) Go back to the left pane and navigate to the table LockPermissions, in the right pane right click and choose "Add Row"
Enter the following values for the row:
LockObject: _7A3DCE8D705B4E81BF76FFA5C8269B42 (<- the string value as mentioned before)
Table: CreateFolder
Domain: leave empty (no value which is local)
User: NetworkService
Permission: 1074921609 (read write access)
How did I get the permission value ?
See:
HOWTO: Set Permissions Using the LockPermissions Table
ID: 288975.KB.EN-US
http://support.microsoft.com/?id=288975
The permissions that can be set are as follows:
| Privilege constant | Hexadecimal | Decimal |
+=====================+=============+============+
| GENERIC_ALL | 0X10000000 | 268435456 |
+=====================+=============+============+
| GENERIC_WRITE | 0x40000000 | 1073741824 |
+=====================+=============+============+
| GENERIC_EXECUTE | 0x20000000 | 536870912 |
+=====================+=============+============+
| KEY_READ | 0x00020019 | 131097 |
+=====================+=============+============+
| FILE_GENERIC_READ | 0x01020089 | 1179785 |
+=====================+=============+============+
To get read write access add FILE_GENERIC_READ + GENERIC_WRITE = 1179785 + 1073741824 = 1074921609